Tag: Drupal Website Security

Honeypot

Honeypot should be your first line of defense. It is quite simple to use and works invisibly behind the scenes, without adding any complexity to the form for your users. Just enable it and then select which forms you want it to protect.

Honeypot will now look to see if a hidden field (called URL by default) has been filled out or if the form was submitted too quickly. In most cases only a bot would fill in the hidden field or fill out the form too quickly. If either of these conditions is met, the submission will be stopped.

Honeypot is typically all we’ll use on a website and in most cases almost completely removes spam. However, there are additional options for further protection.

Webform Validation

Webform Validation is a very flexible add-on module that extends Webforms with additional validation options. These include verifying that a field is numeric, meets minimum or maximum lengths, has a number of words, equals a specific value, doesn’t contain blacklisted words and more. And if this wasn’t enough, you can even enter regular expressions, which can create very complex filters such as matching an area-code and phone number format.

The following validation rules are currently included:

Numeric values (optionally specify min and/or max value)

Minimum length

Maximum length

Minimum number of words

Maximum number of words

Equal values on multiple fields

Unique values on multiple fields

Specific value

Require at least one of two fields

Require at least one of several fields

Minimum number of selections required

Maximum number of selections allowed

Exact number of selections required

Plain text (disallow tags)

Regular expression

Must be empty (anti-spam: Hide with CSS)

Words blacklist

Must match a username

Mollom

Mollom is an intelligent content moderation web service. By monitoring content activity on all sites in the Mollom network, Mollom is in a unique position to determine if a post is potentially spam, based not only on the posted content but also on the past activity and reputation of the poster.

In short, Mollom handles incoming posts intelligently, in much the same way a human moderator decides what posts are acceptable. Therefore, Mollom enables you to allow anonymous users to post comments and other content on your site.

Machine learning. It uses sophisticated machine learning techniques to block spam and malicious content automatically. Mollom uses a reputation-based system that keeps a continually evolving archive of user profiles to immediately discern an individual’s propensity to submit spam. This applies to everything from user registration forms to blog entries.

Protection against profanity. Using text analytics, it is able to detect harmful content such as profanity and other spam-related content. And Mollom adds language support, stopping unwanted content in 75 languages.

Centralized Captcha Service. Mollom provides a centralized captcha service that stops known spammers. Approved users are not required to solve a captcha.

The captcha is invoked for three specific use cases:

Upon user registration, when no content can be classified

When Mollom is unable to classify a user

When a site owner using Mollom opts for more privacy, and Mollom isn’t allowed to audit all content

Mollom audits the content quality by defining it across three dimensions: Spam, Ham, and Unsure:

Ham is considered positive content and automatically published.

Spam is negative content and automatically blocked.

Unsure is anything in between. Mollom does not recognize the user, so they are shown captchas, and the customer gets to decide if content is automatically published, blocked, or sent for manual moderation.

Captcha

There are various types of captchas to select from, and more can be installed from other modules that extend the options.

A captcha is a challenge-response test most often placed within web forms to determine whether the user is human. The Captcha module allows you to present the user with a captcha challenge to prove they are not a bot. The purpose of Captcha is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can.

In our experience, captcha can be somewhat helpful in minimizing spam but can also aggravate users who have a hard time figuring out the challenge. We prefer to use other methods that work silently behind the scenes without giving your users more work to do before they can submit the form. The Captcha module can add this challenge to virtually any user-facing web form on a Drupal site.

Custom Hooks

Another option for minimizing form spam is to create your own form validation function.

If you are creating your own forms using Drupal’s Form API then you can simply add your own validation function.

If you’re using a built-in form of any other type, then you can use hook_form_alter() to add your own validation callback to an existing form.
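As an added example (not code from this article or from any Drupal module), this is how that approach could look in Drupal 7: a hypothetical module named mymodule uses hook_form_alter() to attach a validation callback to the site-wide contact form (form ID contact_site_form) and applies three of the rules listed earlier: a must-be-empty field hidden with CSS, plain text only, and a words blacklist. The field name website and the blacklist words are constructed for illustration.

```php
<?php
// mymodule.module: added example for a hypothetical Drupal 7 module "mymodule".

/** Implements hook_form_alter(). */
function mymodule_form_alter(&$form, &$form_state, $form_id) {
  // Assumption: only the Drupal 7 site-wide contact form is protected.
  if ($form_id !== 'contact_site_form') {
    return;
  }
  // Decoy field: hidden from people with CSS, still present in the markup.
  $form['website'] = array(
    '#type' => 'textfield',
    '#title' => t('Leave this field blank'),
    '#prefix' => '<div style="display:none">',
    '#suffix' => '</div>',
    '#attributes' => array('autocomplete' => 'off', 'tabindex' => '-1'),
  );
  $form['#validate'][] = 'mymodule_contact_validate';
}

/**
 * Returns field => reason for each rule the submission breaks.
 * No Drupal calls in here, so the rules can be unit-tested on their own.
 */
function mymodule_spam_reasons(array $values) {
  $blacklist = array('casino', 'payday'); // Constructed sample words.
  $message = isset($values['message']) ? (string) $values['message'] : '';
  $reasons = array();
  // Rule 1: the decoy must come back empty.
  if (isset($values['website']) && trim($values['website']) !== '') {
    $reasons['website'] = 'decoy field filled';
  }
  // Rule 2: plain text only. Rule 3: whole-word blacklist match.
  if (preg_match('~</?[a-z][^>]*>~i', $message)) {
    $reasons['message'] = 'markup in a plain-text field';
  }
  elseif (preg_match('~\b(' . implode('|', array_map('preg_quote', $blacklist)) . ')\b~i', $message)) {
    $reasons['message'] = 'blacklisted word';
  }
  return $reasons;
}

/** Validation callback registered by mymodule_form_alter(). */
function mymodule_contact_validate($form, &$form_state) {
  foreach (mymodule_spam_reasons($form_state['values']) as $field => $reason) {
    // Log the real reason for the site owner; show the sender a generic error.
    watchdog('mymodule', 'Contact form blocked: @reason', array('@reason' => $reason), WATCHDOG_NOTICE);
    form_set_error($field, t('Your message could not be sent.'));
  }
}
```

On Drupal 8 and later the hook receives a FormStateInterface object instead of the $form_state array, so the callback signatures and error call differ.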